Hi, > It sounds to me like you're saying this is a server-side issue. Since AD > is available via LDAP, why couldn't this FreeRadius install just use > rlm_ldap to access the machine account info in AD?
No. There is one important difference between plain LDAP and AD: an AD server will _never_ give away the user's (machine's) password. Never. The closest thing you can get is a MS-CHAP challenge that is built from the password, but for some reason that doesn't do the trick. > The Microsoft side of things isn't my greatest strength, least of all the > AD/LDAP stuff, but it seems as though this *should* work. It would, if AD would give you the password. But it doesn't. Greetings, Stefan Winter -- Stefan WINTER Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingénieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg email: [EMAIL PROTECTED] tél.: +352 424409-1 http://www.restena.lu fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html